In The Claims: REPLACEMENT CLAIMS 
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hod of managing risk with the aid of a computer system, said 

identifying a set of risk elements, saia risk elements being stored in 
a database coupled to said computer; 

identifying one or more coptrol procedures associated with each 
said risk element, said^Jontrol procedures being stored in said 
database; 

assigning a wefght to each said control procedure; 
identifying a compliance rating for each said control procedure; 
and 

calculating a compliance score, said compliance score being a 
function of said assigned weights and said compliance rating of 
said control procedures. 





1 5 l%_y^jiiQthod of managing risk with the pd of a computer system, said 

meth^^omprisi; 

identifying a set of risk elements, said risk elements being stored in 
a database coupled to said computer; 

identifying one or more subrisk elements associated with each said 
20 risk element, each said subjrisk element being stored in said 

database; 

identifying one or more cjbntrol procedures associated with each 
said subrisk element, sai^l control procedures being stored in said 
database; 

assigning a weight to esfch said control procedure; 
identifying a compliance rating for each said control procedure, 
said compliance ratings including a plurality of categories 
including at least one ^category indicating said control procedure is 
not fully compliant; 

30 f calculating a compliance score, said compliance score being a 

function of said assigned weights and said compliance rating of 
said control procedures; 
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for each said subrisk/detpimining whether at least one control 
procedure associated ^vith said subrisk is not fully compliant; 
for each said subprsk associated with at least one control procedure 
which is notffilly compliant, receiving a signal indicating whether 
said subrisk should be accepted or not accepted; and 
for^ach said subrisk which is indicated as not accepted, generating 
an action plan. 




hod of forecasting risk with the aid of a computer system, said 



lethod comprising: 

identifying a set of risk elements, said risk^dements being stored in 
a database coupled to said computer; 

identifying one or more control procedures associated with each 
said risk element, said control p/ocedures being stored in said 
database; 

c. assigning a weight to each / said control procedure; 

d. identifying a compliance rating for each said control procedure, 
said compliance ratings chosen from a set of ratings including at 
least one rating identifying a non-fully compliant control procedure 
and at least one rating identifying fully compliant control 
procedures^ 

e. for eacl/said control procedure having a non-fully compliant 
ratin^generating an action plan, said action plan including a target 
date for at least one action listed therein; and 
^calculating an expected compliance score for a future date, said 
expected compliance score being a function of said assigned 
weights, said fully compliant control procedures, and said action 
plan target dates for said non-fully compliant control procedures. 
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